<?php

/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */

session_start();

if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')) {
    $login = "";
    header("Location: login.php");
} else {
    $login = $_SESSION['login'];
}

$errorMessage = "";
$num_rows = 0;
$used = "";

include 'i_functions.php';

if ($_SERVER['REQUEST_METHOD'] == 'POST') {


    $user_name = "root";
    $pass_word = "haddons";
    $database = "PPI";
    $server = "127.0.0.1";

    $db_handle = mysql_connect($server, $user_name, $pass_word);
    $db_found = mysql_select_db($database, $db_handle);

    if ($db_found) {
        //====================================================================
        //	GET data from form AND CHECK FOR DANGEROUS CHARCTERS
        //====================================================================

        $lender_ID = $_POST['lender_ID'];
        $lendername = quote_smart($_POST['lendername'], $db_handle);
        $address1 = quote_smart($_POST['address1'], $db_handle);
        $address2 = quote_smart($_POST['address2'], $db_handle);
        $address3 = quote_smart($_POST['address3'], $db_handle);
        $city = quote_smart($_POST['city'], $db_handle);
        $postcode = quote_smart($_POST['postcode'], $db_handle);
        $telno = quote_smart($_POST['telno'], $db_handle);
        $faxno = quote_smart($_POST['faxno'], $db_handle);
        $email = quote_smart($_POST['email'], $db_handle);
        $fscs_y = quote_smart($_POST['fscs_y'], $db_handle);
        if ($fscs_y == "checked") {
            $fscs = "Y";
        } else {
            $fscs = "N";
        }
        $fosq_y = quote_smart($_POST['fosq_y'], $db_handle);
        if ($fosq_y == "checked") {
            $fosq = "Y";
        } else {
            $fosq = "N";
        }
        //$mobile = $_POST['mobile'];
//test to see if $errorMessage is blank
//if it is, then we can go ahead with the rest of the code
//if it's not, we can display the error
        //====================================================================
        //	Write to the database
        //====================================================================
        //if ($errorMessage == "") {

        $errorMessage = "adding to lenders file<br>";

        if ($lender_ID == "NEW") {
            print "New lender<br>";
            $Action = "I";
            $SQL = "INSERT INTO `PPI`.`lenders` (
            `CreateBy`, 
            `LenderName`, 
            `Address1`, 
            `Address2`, 
            `Address3`, 
            `City`, 
            `Postcode`, 
            `TelNo`, 
            `FaxNo`,
            `Email`, 
            `FSCS`, 
            `FOSQ` 
            ) VALUES (
            '$login',  
            $lendername, 
            $address1, 
            $address2, 
            $address3, 
            $city, 
            $postcode,
            $telno, 
            $faxno,
            $email,
            '$fscs', 
            '$fosq'  
            )";
        } else {
            print "updating lenders" . $lender_ID . "<br>";
            $Action = "U";
            $SQL = "UPDATE `PPI`.`lenders` SET  
            `LenderName`=$lendername, 
            `Address1`=$address1, 
            `Address2`=$address2, 
            `Address3`=$address3, 
            `City`=$city,  
            `Postcode`=$postcode,
            `TelNo`=$telno, 
            `FaxNo`=$faxno,
            `Email`=$email, 
            `FSCS`='$fscs', 
            `FOSQ`='$fosq'  
            WHERE `ID`='$lender_ID'";
        }

        print $SQL . "<br>";
        $iresult = mysql_query($SQL);
        print "iresult=" . $iresult . ".";
        if ($lender_ID == "NEW") {$lender_ID = mysql_insert_id();}
        
        logger($login, "lenders", $lender_ID, $Action);


        mysql_close($db_handle);
    }
}
?>